OpenSSL integration by ctz · Pull Request #86 · rustls/upki

ctz · 2026-03-03T20:22:01Z

Not a serious attempt currently.

codspeed-hq · 2026-03-03T20:27:12Z

Merging this PR will improve performance by ×16

⚡ 1 improved benchmark
✅ 3 untouched benchmarks

Performance Changes

	Benchmark	`BASE`	`HEAD`	Efficiency
⚡	`load-manifest`	369.3 µs	23.2 µs	×16

_{Comparing jbp-openssl (f9c0d58) with main (ddc848d)}

ctz · 2026-03-05T19:08:11Z

Kinda works though:

$ export LD_PRELOAD=./libupkiopenssl-preload.so

curl:

$ curl https://certdemo-dv-revoked-rsa.tls.d-trust.net/
curl: (60) SSL certificate problem: certificate revoked
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

python:

$ python -c "import urllib.request; print(urllib.request.urlopen('https://certdemo-dv-revoked-rsa.tls.d-trust.net/').read())"
Traceback (most recent call last):
  File "/usr/lib/python3.12/urllib/request.py", line 1344, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
(... world's largest stack trace ...)
  File "/usr/lib/python3.12/urllib/request.py", line 1392, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/urllib/request.py", line 1347, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate revoked (_ssl.c:1000)>

openssl CLI:

$ openssl s_client -connect certdemo-dv-revoked-rsa.tls.d-trust.net:443 -verify_return_error | tail
8097F182FC6F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1889:
Verification error: certificate revoked
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 23 (certificate revoked)
---

ctz added 4 commits March 3, 2026 13:09

Update semver-compatible dependencies

f03bdd1

Allow conversion from revocation::Error to Error

589ca22

Provide OpenSSL integration

2cae7c6

upki-ffi: guard against duplication inclusion

07e98df

Add preload hack for trying out upki with openssl

f9c0d58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OpenSSL integration#86

OpenSSL integration#86
ctz wants to merge 5 commits intomainfrom
jbp-openssl

ctz commented Mar 3, 2026

Uh oh!

codspeed-hq bot commented Mar 3, 2026 •

edited

Loading

Uh oh!

ctz commented Mar 5, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

ctz commented Mar 3, 2026

Uh oh!

codspeed-hq bot commented Mar 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Merging this PR will improve performance by ×16

Performance Changes

Uh oh!

ctz commented Mar 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

codspeed-hq bot commented Mar 3, 2026 •

edited

Loading

ctz commented Mar 5, 2026 •

edited

Loading